Moxa V2403-C7-W-T [25/90] Observe and erase chain rules

V2403 Series Linux Software Managing Communications

3-10

The basic syntax to enable and load an IPTABLES module is as follows:

# lsmod

# modprobe ip_tables

# modprobe iptable_filter

# modprobe iptable_mangle

# modprobe iptable_nat

Use lsmod to check if the ip_tables module has already been loaded in the V2403-LX. Use modprobe to

insert and enable the module.

Use iptables, iptables-restore, and iptables-save to maintain the database.

ATTENTION

IPTABLES plays the role of packet filtering or NAT. Be careful when setting up the IPTABLES rules. If the rules

are not correct, remote hosts that connect via a LAN or PPP may be denied. We recommend using the VGA

onsole to set up the IPTABLES. Click on the following links for more information about IPTABLES.

http://www.linuxguruz.com/iptables/

http://www.netfilter.or

g/documentation/HOWTO//packet-filtering-HOWTO.html

Since the IPTABLES command is very complex, to illustrate the IPTABLES syntax we have divided our

discussion of the various rules into three categories: Observe and erase chain rules, Define policy rules,

and Append or delete rules.

Observe and Erase Chain Rules

Usage:

# iptables [-t tables] [-L] [-n]

-t tables: Table to manipulate (default: ‘filter’); example: nat or filter.

-L [chain]: List List all rules in selected chains. If no chain is selected, all chains are listed.

-n: Numeric output of addresses and ports.

# iptables [-t tables] [-FXZ]

-F: Flush the selected chain (all the chains in the table if none is listed).

-X: Delete the specified user-defined chain.

-Z: Set the packet and byte counters in all chains to zero.

Example:

# iptables -L -n

In this example, since we do not use the -t parameter, the system uses the default “filter” table. Three chains

are included: INPUT, OUTPUT, and FORWARD. INPUT chains are accepted automatically, and all connections

are accepted without being filtered.

# iptables –F

# iptables –X

# iptables –Z